![Tp-Link TL-SG5426 [274/499] Secure shell commands](/img/pdf.png)
Tp-Link TL-SG5426 [274/499] Secure shell commands
![Tp-Link TL-SG5426 [274/499] Secure shell commands](/views2/1042695/page274/bg112.png)
System Management Commands
4-33
4
ip telnet server
This command allows this device to be monitored or configured from Telnet. Use the
no form to disable this function.
Syntax
[no] ip telnet server
Default Setting
Enabled
Command Mode
Global Configuration
Example
Related Commands
ip telnet port (4-32)
Secure Shell Commands
The Berkley-standard includes remote access tools originally designed for Unix
systems. Some of these tools have also been implemented for Microsoft Windows
and other environments. These tools, including commands such as rlogin (remote
login), rsh (remote shell), and rcp (remote copy), are not secure from hostile attacks.
The Secure Shell (SSH) includes server/client applications intended as a secure
replacement for the older Berkley remote access tools. SSH can also provide
remote management access to this switch as a secure replacement for Telnet.
When a client contacts the switch via the SSH protocol, the switch uses a public-key
that the client must match along with a local user name and password for access
authentication. SSH also encrypts all data transfers passing between the switch and
SSH-enabled management station clients, and ensures that data traveling over the
network arrives unaltered.
This section describes the commands used to configure the SSH server. However,
note that you also need to install a SSH client on the management station when
using this protocol to configure the switch.
Note:
The switch supports both SSH Version 1.5 and 2.0.
Console(config)#ip telnet server
Console(config)#
Table 4-15 SSH Commands
Command Function Mode Page
ip ssh server Enables the SSH server on the switch GC 4-35
ip ssh timeout Specifies the authentication timeout for the SSH server GC 4-36
ip ssh
authentication-retries
Specifies the number of retries allowed by a client GC 4-37
ip ssh server-key size Sets the SSH server key size GC 4-37
Содержание
- Port gigabit managed switch 1
- Tl sg5426 1
- Copyright trademarks 2
- Ce mark warning 3
- Fcc statement 3
- Contents 4
- Tables 18
- Figures 22
- Chapter 1 introduction 26
- Key features 26
- Table 1 1 key features 26
- This switch provides a broad range of features for layer 2 switching it includes a management agent that allows you to configure the features listed in this manual the default configuration can be used for most of the features provided by this switch however there are many options that you should configure to maximize the switch s performance for your particular network environment 26
- Description of software features 27
- Introduction 27
- Description of software features 28
- Be used to provide independent priorities for delay sensitive data and best effort data 29
- Introduction 29
- Description of software features 30
- Introduction 31
- System defaults 31
- Table 1 2 system defaults 31
- The following table lists some of the basic system defaults 31
- The switch s system defaults are provided in the configuration file factory_default_config cfg to reset the switch defaults this file should be set as the startup configuration file page 3 19 31
- System defaults 32
- Table 1 2 system defaults continued 32
- Introduction 33
- Table 1 2 system defaults continued 33
- Chapter 2 initial configuration 34
- Configuration options 34
- Connecting to the switch 34
- Initial configuration 35
- Required connections 35
- Basic configuration 36
- Console connection 36
- Remote connections 36
- Initial configuration 37
- Manual configuration 37
- Setting an ip address 37
- Setting passwords 37
- At the interface configuration mode prompt use one of the following commands 38
- Basic configuration 38
- Dynamic configuration 38
- Community strings for snmp version 1 and 2c clients 39
- Enabling snmp management access 39
- Initial configuration 39
- Basic configuration 40
- Trap receivers 40
- Configuring access for snmp version 3 clients 41
- Initial configuration 41
- Saving configuration settings 41
- Chapter 3 configuring the switch 43
- Using the web interface 43
- Configuring the switch 44
- Home page 44
- Navigating the web browser interface 44
- Configurable parameters have a dialog box or a drop down list once a configuration change has been made on a page be sure to click on the apply button to confirm the new setting the following table summarizes the web page configuration buttons 45
- Configuration options 45
- Navigating the web browser interface 45
- Notes 1 45
- Panel display 45
- The web agent displays an image of the switch s ports the mode can be set to display different information for the ports including active i e up or down duplex i e half or full duplex or flow control i e with or without flow control clicking on the image of a port opens the port configuration page as described on page 3 78 45
- Tl sg5426 45
- Configuring the switch 46
- Main menu 46
- Using the onboard web agent you can define system parameters manage and control the switch and all its ports or monitor network conditions the following table briefly describes the selections available from this program 46
- Navigating the web browser interface 47
- Configuring the switch 48
- Navigating the web browser interface 49
- Configuring the switch 50
- Navigating the web browser interface 51
- Basic configuration 52
- Configuring the switch 52
- Displaying system information 52
- Managing system files 53
- Basic configuration 54
- Displaying switch hardware software versions 54
- The main board and management software as well as the power status of the system 54
- Cli use the following command to display version information 55
- Configuring the switch 55
- Figure 3 4 switch information 55
- Web click system switch information 55
- Basic configuration 56
- Displaying bridge extension capabilities 56
- Configuring the switch 57
- Setting the switch s ip address 57
- Basic configuration 58
- Cli specify the management interface ip address and default gateway 58
- Figure 3 6 manual ip configuration 58
- Manual configuration 58
- Web click system ip configuration select the vlan through which the management station is attached set the ip address mode to static enter the ip address subnet mask and gateway then click apply 58
- Configuring the switch 59
- Using dhcp bootp 59
- Basic configuration 60
- Enabling jumbo frames 60
- Managing firmware 60
- Configuring the switch 61
- Downloading system software from a server 61
- The file name should not contain slashes or 61
- Basic configuration 62
- Saving or restoring configuration settings 62
- Configuring the switch 63
- Downloading configuration settings from a server 63
- The file name should not contain slashes or 63
- Basic configuration 64
- Console port settings 64
- Configuring the switch 65
- Basic configuration 66
- Cli enter line configuration mode for the console then specify the connection parameters as required to display the current console port settings use the show line command from the normal exec level 66
- Command attributes 66
- Exec timeout sets the interval that the system waits until user input is detected if user input is not detected within the timeout interval the current session is terminated range 0 65535 seconds default 600 seconds password threshold sets the password intrusion threshold which limits the number of failed logon attempts when the logon attempt threshold is reached the 66
- Telnet settings 66
- Telnet status enables or disables telnet access to the switch default enabled telnet port number sets the tcp port number for telnet on the switch default 23 login timeout sets the interval that the system waits for a user to log into the cli if a login attempt is not detected within the timeout interval the connection is terminated for the session range 0 300 seconds default 300 seconds 66
- You can access the onboard configuration program over the network using telnet i e a virtual terminal management access via telnet can be enabled disabled and other various parameters set including the tcp port number timeouts and a password these parameters can be configured via the web or cli interface 66
- Configuring the switch 67
- Basic configuration 68
- Cli enter line configuration mode for a virtual terminal then specify the connection parameters as required to display the current virtual terminal settings use the show line command from the normal exec level 68
- Configuring event logging 68
- Displaying log messages 68
- The logs page allows you to scroll through the logged system and event messages the switch can store up to 2048 log entries in temporary random access memory ram i e memory flushed on power reset and up to 4096 entries in permanent flash memory 68
- The switch allows you to control the logging of error messages including the type of events that are recorded in switch memory logging to a remote system log syslog server and displays a list of recent event messages 68
- Web click system log logs 68
- Configuring the switch 69
- System log configuration 69
- Basic configuration 70
- Remote log configuration 70
- Set the level of event messages to be logged to ram and flash memory then click apply 70
- Configuring the switch 71
- Simple mail transfer protocol 71
- Basic configuration 72
- Configuring the switch 73
- Renumbering the system 73
- Resetting the system 73
- Basic configuration 74
- Configuring sntp 74
- Setting the system clock 74
- Configuring the switch 75
- Setting the time zone 75
- Setting community access strings 76
- Simple network management protocol 76
- Configuring the switch 77
- Specifying trap managers and trap types 77
- Enabling snmp agent status 78
- Simple network management protocol 78
- Configuring snmpv3 management access 79
- Configuring the switch 79
- Setting the local engine id 79
- Configuring snmpv3 users 80
- Simple network management protocol 80
- Specifying a remote engine id 80
- Configuring the switch 81
- Cli use the snmp server user command to configure a new user name and assign it to a group 82
- Figure 3 29 configuring snmpv3 users 82
- Simple network management protocol 82
- Web click snmp snmpv3 users click new to configure a user name in the new user page define a name and assign it to a group then click add to save the configuration and return to the user name list to delete a user check the box next to the user name then click delete to change the assigned group of a user click change group in the actions column of the users table and select the new group 82
- Configuring remote snmpv3 users 83
- Configuring the switch 83
- Configuring snmpv3 groups 84
- Simple network management protocol 84
- Configuring the switch 85
- Notify view the configured view for notifications range 1 64 characters 85
- Simple network management protocol 86
- Cli use the snmp server group command to configure a new group specifying the security model and level and restricting mib access to defined read and write views 87
- Configuring the switch 87
- Figure 3 31 configuring snmpv3 groups 87
- Web click snmp snmpv3 groups click new to configure a new group in the new group page define a name assign a security model and level and then select read and write views click add to save the new group and return to the groups list to delete a group check the box next to the group name then click delete 87
- Setting snmpv3 views 88
- Simple network management protocol 88
- Configuring the switch 89
- Configuring user accounts 89
- User authentication 89
- User authentication 90
- Configuring local remote logon authentication 91
- Configuring the switch 91
- User authentication 92
- Configuring the switch 93
- Cli specify all the required parameters to enable logon authentication 94
- User authentication 94
- Configuring https 95
- Configuring the switch 95
- Caution 96
- Cli this example enables the http secure server and modifies the port number 96
- For maximum security we recommend you obtain a unique secure sockets layer certificate at the earliest opportunity this is because the default certificate for the switch is not unique to the hardware you have purchased 96
- Replacing the default secure site certificate 96
- The switch must be reset for the new certificate to be activated to reset the switch type 96
- User authentication 96
- When you have obtained these place them on your tftp server and use the following command at the switch s command line interface to replace the default unrecognized certificate with an authorized one 96
- When you log onto the web interface using https for secure access a secure sockets layer ssl certificate appears for the switch by default the certificate that netscape and internet explorer display will be associated with a warning that the site is not recognized as a secure site this is because the certificate has not been signed by an approved certification authority if you want this warning to be replaced by a message confirming that the connection to the switch is secure you must obtain a unique certificate and a private key and password from a recognized certification authority 96
- Configuring the secure shell 97
- Configuring the switch 97
- User authentication 98
- Configuring the ssh server 99
- Configuring the switch 99
- Generating the host key pair 100
- User authentication 100
- Algorithms stores the keys to flash memory and then displays the host s public keys 101
- Cli this example generates a host key pair using both the rsa and dsa 101
- Configuring the switch 101
- Web click security ssh host key settings select the host key type from the drop down box select the option to save the host key from memory to flash if required prior to generating the key and then click generate 101
- Configuring port security 102
- User authentication 102
- Configuring 802 x port authentication 103
- Configuring the switch 103
- Displaying 802 x global settings 104
- User authentication 104
- 802 x system authentication control sets the global setting for 802 x default disabled 105
- Cli this example enables 802 x globally for the switch 105
- Cli this example shows the default global setting for 802 x 105
- Command attributes 105
- Configuring 802 x global settings 105
- Configuring the switch 105
- Figure 3 39 802 x global information 105
- Figure 3 40 802 x global configuration 105
- The 802 x protocol provides port authentication the 802 x protocol must be enabled globally for the switch system before port settings are active 105
- Web click security 802 x information 105
- Web select security 802 x configuration enable 802 x globally for the switch and click apply 105
- Configuring port settings for 802 x 106
- User authentication 106
- Waits before re transmitting an eap packet range 1 65535 default 30 seconds 106
- Cli this example sets the 802 x parameters on port 2 for a description of the additional fields displayed in this example see show dot1x on page 4 86 108
- User authentication 108
- Configuring the switch 109
- Displaying 802 x statistics 109
- This switch can display statistics for dot1x protocol exchanges for any port 109
- Web select security 802 x statistics select the required port and then click query click refresh to update the statistics 109
- Access control lists 110
- Configuring access control lists 110
- Configuring the switch 111
- Setting the acl name and type 111
- Access control lists 112
- Configuring a standard ip acl 112
- Configuring an extended ip acl 112
- Configuring the switch 113
- Access control lists 114
- Configuring a mac acl 115
- Configuring the switch 115
- Access control lists 116
- Binding a port to an access control list 116
- Configuring the switch 117
- Filtering ip addresses for management access 117
- Access control lists 118
- Configuring the switch 119
- Displaying connection status 119
- Port configuration 119
- Port configuration 120
- Shows the current speed and duplex mode auto or fixed choice 120
- Configuring interface connections 121
- Configuring the switch 121
- Port configuration 122
- Configuring the switch 123
- Creating trunk groups 123
- Active links 124
- Port configuration 124
- Statically configured 124
- Statically configuring a trunk 124
- Configuring the switch 125
- Enabling lacp on selected ports 125
- Port configuration 126
- Cli the following example enables lacp for ports 1 to 6 just connect these ports to lacp enabled trunk ports on another switch to form a trunk 127
- Command attributes 127
- Configuring lacp parameters 127
- Configuring the switch 127
- Dynamically creating a port channel 127
- However if the port channel admin key is set 127
- Note if the port channel admin key lacp admin key 4 135 is not set through the cli when a channel group is formed i e it has a null value of 0 this key is set to the same value as the port admin key used by the interfaces that joined the group lacp admin key as described in this section and on 4 134 127
- Port port number range 1 26 127
- Ports assigned to a common port channel must meet the following criteria ports must have the same lacp system priority ports must have the same lacp port admin key 127
- Set port actor this menu sets the local side of an aggregate link i e the ports on this switch 127
- System priority lacp system priority is used to determine link aggregation group lag membership and to identify this device to other switches during lag negotiations range 0 65535 default 32768 ports must be configured with the same system priority to join the same lag 127
- Then the port admin key must be set to the same value for a port to be allowed to join a channel group 127
- Port configuration 128
- This device after you have completed setting the port lacp parameters click apply 128
- Cli the following example configures lacp parameters for ports 1 4 ports 1 4 are used as active members of the lag 129
- Configuring the switch 129
- Displaying lacp port counters 129
- Field description 129
- Lacpdus received number of valid lacpdus received on this channel group 129
- Lacpdus sent number of valid lacpdus transmitted from this channel group 129
- Marker received number of valid marker pdus received by this channel group 129
- Marker sent number of valid marker pdus transmitted from this channel group 129
- Table 3 7 lacp port counters 129
- You can display statistics for lacp protocol messages 129
- Cli the following example displays lacp counters 130
- Field description 130
- Figure 3 54 lacp port counters information 130
- Marker illegal pkts number of frames that carry the slow protocols ethernet type value but contain a badly formed pdu or an illegal value of protocol subtype 130
- Marker unknown pkts number of frames received that either 1 carry the slow protocols ethernet type value but contain an unknown pdu or 2 are addressed to the slow protocols group mac address but do not carry the slow protocols ethernet type 130
- Port configuration 130
- Table 3 7 lacp port counters continued 130
- Web click port lacp port counters information select a member port to display the corresponding information 130
- Configuring the switch 131
- Displaying lacp settings and status for the local side 131
- Long timeout periodic transmission of lacpdus uses a slow transmission rate lacp activity activity control value with regard to this link 0 passive 1 active 131
- You can display configuration settings and the operational state for the local side of an link aggregation 131
- Cli the following example displays the lacp configuration settings and operational state for the local side of port channel 1 132
- Figure 3 55 lacp port internal information 132
- Port configuration 132
- Web click port lacp port internal information select a port channel to display the corresponding information 132
- Configuring the switch 133
- Displaying lacp settings and status for the remote side 133
- Web click port lacp port neighbors information select a port channel to display the corresponding information 133
- You can display configuration settings and the operational state for the remote side of an link aggregation 133
- Port configuration 134
- Setting broadcast storm thresholds 134
- Cli specify any interface and then enter the threshold the following disables broadcast storm control for port 1 and then sets broadcast suppression at 500 packets per second for port 2 135
- Configuring the switch 135
- Figure 3 57 port broadcast control 135
- Web click port port trunk broadcast control set the threshold mark the enabled field for the desired interface and click apply 135
- Configuring port mirroring 136
- Port configuration 136
- Configuring rate limits 137
- Configuring the switch 137
- Rate limit configuration 137
- Cli this example sets the rate limit level for input traffic passing through port 3 138
- Port configuration 138
- Showing port statistics 138
- You can display standard statistics on network traffic from the interfaces group and ethernet like mibs as well as a detailed breakdown of traffic based on the rmon mib interfaces and ethernet like statistics display errors on the traffic passing through each port this information can be used to identify potential problems with the switch such as a faulty port or unusually heavy loading rmon statistics provide access to a broad range of statistics including a total count of different frame types and sizes passing through each port all values displayed have been accumulated since the last system reboot and are shown as counts per second statistics are refreshed every 60 seconds by default 138
- Configuring the switch 139
- Port configuration 140
- Configuring the switch 141
- Address table settings 142
- Setting static addresses 142
- Configuring the switch 143
- Displaying the address table 143
- Address table settings 144
- Cli this example also displays the address table entries for port 1 144
- Figure 3 62 configuring a dynamic address table 144
- Web click address table dynamic addresses specify the search type i e mark the interface mac address or vlan checkbox select the method of sorting the displayed addresses and then click query 144
- Changing the aging time 145
- Configuring the switch 145
- Spanning tree algorithm configuration 145
- Spanning tree algorithm configuration 146
- Configuring the switch 147
- Displaying global settings 148
- Spanning tree algorithm configuration 148
- Configuring the switch 149
- Configuring global settings 150
- Spanning tree algorithm configuration 150
- This command displays global sta settings followed by settings for each por 150
- Configuring the switch 151
- Spanning tree algorithm configuration 152
- Cli this example enables spanning tree protocol sets the mode to rstp and then configures the sta and rstp parameters 153
- Configuring the switch 153
- Figure 3 65 configuring spanning tree 153
- Web click spanning tree sta configuration modify the required attributes and click apply 153
- Displaying interface settings 154
- Spanning tree algorithm configuration 154
- Configuring the switch 155
- Cli this example shows the sta attributes for port 5 156
- Figure 3 66 displaying spanning tree port information 156
- Spanning tree algorithm configuration 156
- The amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to reconfigure when the interface changes state and also overcomes other sta related timeout problems however remember that edge port should only be enabled for ports connected to an end node device admin link type the link type attached to this interface point to point a connection to exactly one other bridge shared a connection to two or more bridges auto the switch automatically determines if the interface is attached to a point to point link or to shared media 156
- Web click spanning tree sta port information or sta trunk information 156
- Configuring interface settings 157
- Configuring the switch 157
- Spanning tree algorithm configuration 158
- Configuring multiple spanning trees 159
- Configuring the switch 159
- Spanning tree algorithm configuration 160
- Cli this example sets sta attributes for port 1 followed by settings for each port 161
- Command attributes 161
- Configuring the switch 161
- Displaying interface settings for mstp 161
- Mst instance id instance identifier to configure default 0 161
- The mstp port information and mstp trunk information pages display the current status of ports and trunks in the selected mst instance 161
- Spanning tree algorithm configuration 162
- Cli this displays sta settings for instance 0 followed by settings for each port the settings for instance 0 are global settings that apply to the ist the settings for other instances only apply to the local spanning tree 163
- Configuring interface settings for mstp 163
- Configuring the switch 163
- Field attributes 163
- For additional information 163
- Sta state displays current state of this port within the spanning tree 163
- The following attributes are read only and cannot be changed 163
- You can configure the sta interface settings for an mst instance using the mstp port configuration and mstp trunk configuration pages 163
- Spanning tree algorithm configuration 164
- Configuring the switch 165
- Ieee 802 q vlans 165
- Vlan configuration 165
- Assigning ports to vlans 166
- Vlan configuration 166
- Configuring the switch 167
- Enabling or disabling gvrp global setting 168
- Forwarding tagged untagged frames 168
- Vlan configuration 168
- Configuring the switch 169
- Displaying basic vlan information 169
- Displaying current vlans 169
- Vlan configuration 170
- Configuring the switch 171
- Creating vlans 171
- Adding static members to vlans vlan index 172
- Cli this example creates a new vlan 172
- Figure 3 74 configuring a vlan static list 172
- Use the vlan static table to configure port members for the selected vlan index assign ports as tagged if they are connected to 802 q vlan compliant devices or untagged they are not connected to any vlan aware devices or configure a port as forbidden to prevent the switch from automatically adding it to a vlan via the gvrp protocol notes 1 172
- Vlan configuration 172
- Web click vlan 802 q vlan static list to create a new vlan enter the vlan id and vlan name mark the enable checkbox to activate the vlan and then click add 172
- You can also use the vlan static membership by port page to configure vlan groups based on the port index page 3 131 however note that this configuration page can only add ports to a vlan as tagged members 172
- Configuring the switch 173
- Adding static members to vlans port index 174
- Vlan configuration 174
- Configuring the switch 175
- Configuring vlan behavior for interfaces 175
- Ingress filtering does not affect vlan independent bpdu frames such as gvrp or stp however they do affect vlan dependent bpdu frames such as gmrp 175
- Vlan id assigned to untagged frames received on the interface default 1 175
- Configuring ieee 802 q tunneling 176
- Configuring the switch 177
- Configuring ieee 802 q tunneling 178
- Configuring the switch 179
- Configuring ieee 802 q tunneling 180
- Enabling qinq tunneling on the switch 180
- Adding an interface to a qinq tunnel 181
- Configuring the switch 181
- Configuring ieee 802 q tunneling 182
- Cli this example sets port 1 to tunnel access mode indicates that the tpid used for 802 q tagged frames is 9100 hexadecimal and sets port 2 to tunnel uplink mode 183
- Configuring the switch 183
- Configuring ieee 802 q tunneling 184
- Configuring private vlans 184
- Enabling private vlans 184
- Configuring the switch 185
- Configuring uplink and downlink ports 185
- Protocol vlan group configuration 185
- Protocol vlans 185
- Configuring ieee 802 q tunneling 186
- Configuring protocol vlan interfaces 186
- Class of service configuration 187
- Configuring the switch 187
- Layer 2 queue settings 187
- Setting the default priority for interfaces 187
- 2 0 3 4 5 6 7 188
- Class of service configuration 188
- Cli this example assigns a default priority of 5 to port 3 188
- Figure 3 84 port priority configuration 188
- Mapping cos values to egress queues 188
- Table 3 11 mapping cos values to egress queues 188
- This switch processes class of service cos priority tagged traffic by using four priority queues for each port with service schedules based on strict or weighted round robin wrr up to eight separate traffic priorities are defined in ieee 802 p the default priority levels are assigned according to recommendations in the ieee 802 p standard as shown in the following table 188
- Web click priority default port priority or default trunk priority modify the default priority for any interface then click apply 188
- Command attributes 189
- Configuring the switch 189
- Output queue buffer range 0 3 where 3 is the highest cos priority queue 189
- Priority cos value range 0 7 where 7 is the highest priority 189
- Select a port or trunk for the current mapping of cos values to output queues to be displayed assign priorities to the traffic classes i e output queues then click apply 189
- The priority levels recommended in the ieee 802 p standard for various network applications are shown in the following table however you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network 189
- Traffic clas 189
- Web cl 189
- Class of service configuration 190
- Enabling cos 190
- Selecting the queue mode 190
- Configuring the switch 191
- Setting the service weight for traffic classes 191
- Class of service configuration 192
- Layer 3 4 priority settings 192
- Mapping layer 3 4 priorities to cos values 192
- Selecting ip precedence dscp priority 192
- Configuring the switch 193
- Mapping ip precedence 193
- Class of service configuration 194
- Cli the following example globally enables ip precedence service on the switch maps ip precedence value 1 to cos value 0 on port 1 and then displays the ip precedence settings 194
- Figure 3 90 mapping ip precedence priority values 194
- Mapping specific values for ip precedence is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch 194
- Web click priority ip precedence priority select an entry from the ip precedence priority table enter a value in the class of service value field and then click apply 194
- Command attributes 195
- Configuring the switch 195
- Dscp priority table shows the dscp priority to cos map class of service value maps a cos value to the selected dscp priority value note that 0 represents low priority and 7 represent high priority 195
- Mapping dscp priority 195
- The dscp is six bits wide allowing coding for up to 64 different forwarding behaviors the dscp retains backward compatibility with the three precedence bits so that non dscp compliant will not conflict with the dscp mapping based on network policies different kinds of traffic can be marked for different kinds of forwarding the dscp default values are defined in the following table note that all the dscp values that are not specified are mapped to cos value 0 195
- Web click priority ip dscp priority select an entry from the dscp table enter a value in the class of service value field then click apply 195
- Class of service configuration 196
- Cli the following example globally enables dscp priority service on the switch maps dscp value 0 to cos value 1 on port 1 and then displays the dscp priority settings 196
- Command attributes 196
- Figure 3 92 ip port priority status 196
- Ip port priority status enables or disables the ip port priority ip port priority table shows the ip port to cos map ip port number tcp udp set a new ip port number class of service value sets a cos value for a new ip port note that 0 represents low priority and 7 represent high priority 196
- Mapping ip port priority 196
- Web click priority ip port priority status set ip port priority status to enabled 196
- You can also map network applications to class of service values based on the ip port number i e tcp udp port number in the frame header some of the more common tcp service ports include http 80 ftp 21 telnet 23 and pop3 110 196
- Configuring the switch 197
- Quality of service 197
- Configuring a class map 198
- Configuring quality of service parameters 198
- Quality of service 198
- Configuring the switch 199
- Quality of service 200
- Configuring the switch 201
- Creating qos policies 201
- Quality of service 202
- Cli this example creates a policy map called rd policy sets the average bandwidth the 1 mbps the burst rate to 1522 bps and the response to reduce the dscp value for violating packets to 0 203
- Configuring the switch 203
- Figure 3 95 configuring policy maps 203
- Web click qos diffserv policy map to display the list of existing policy maps to add a new policy map click add policy to configure the policy rule settings click edit classes 203
- Attaching a policy map to ingress queues 204
- Quality of service 204
- Configuring the switch 205
- Layer 2 igmp snooping and query 205
- Multicast filtering 205
- Configuring igmp snooping and query parameters 206
- Multicast filtering 206
- Cli this example modifies the settings for multicast filtering and then displays the current status 207
- Configuring the switch 207
- Enabling igmp immediate leave 207
- Figure 3 97 igmp configuration 207
- Igmp immediate leave improves bandwidth management for all hosts in a switched network 207
- The igmp snooping immediate leave feature enables a layer 2 lan interface to be removed from the multicast forwarding table without first sending an igmp group specific query to the interface upon receiving a group specific igmpv2 leave message the switch immediately removes the interface from the layer 2 forwarding table entry for that multicast group unless a multicast router was learned on the port 207
- Web click igmp snooping igmp configuration adjust the igmp settings as required and then click apply the default settings are shown below 207
- Displaying interfaces attached to a multicast router 208
- Multicast filtering 208
- Configuring the switch 209
- Specifying static interfaces for a multicast router 209
- Displaying port members of multicast services 210
- Multicast filtering 210
- Assigning ports to multicast services 211
- Configuring the switch 211
- Igmp filtering and throttling 212
- Multicast filtering 212
- Configuring the switch 213
- Enabling igmp filtering and throttling 213
- Configuring igmp filtering and throttling for interfaces 214
- Multicast filtering 214
- Cli this example assigns igmp profile number 19 to port 1 and then sets the throttling number and action the current igmp filtering and throttling settings for the interface are then displayed 215
- Command usage 215
- Configuring igmp filter profiles 215
- Configuring the switch 215
- Each profile has only one access mode either permit or deny when the access mode is set to permit igmp join reports are processed when a multicast group falls within the controlled range when the access mode is set to 215
- Figure 3 104 igmp filter and throttling port configuration 215
- Web click igmp snooping igmp filter throttling port configuration or igmp filter throttling trunk configuration select a profile to assign to an interface then set the throttling number and action click apply 215
- When you have created an igmp profile number you can then configure the multicast groups to filter and set the access mode 215
- Multicast filtering 216
- Configuring global mvr settings 217
- Multicast filtering 217
- Configuring the switch 218
- Multicast vlan registration 218
- Configuring the switch 219
- Displaying mvr interface status 219
- Cli this example shows information about interfaces attached to the mvr vlan 220
- Figure 3 107 mvr port information 220
- Multicast filtering 220
- Web click mvr port or trunk information 220
- Configuring the switch 221
- Displaying port members of multicast groups 221
- Configuring mvr interface status 222
- Multicast filtering 222
- Assigning static multicast groups to interfaces 223
- Configuring the switch 223
- Configuring domain name service 224
- Configuring general dns service parameters 224
- Configuring the switch 225
- Configuring domain name service 226
- Configuring static dns host to address entries 226
- Cli this example maps two address to a host name and then configures an alias host name for the same addresses 227
- Configuring the switch 227
- Figure 3 112 dns static host table 227
- Web select dns static host table enter a host name and one or more corresponding addresses then click apply 227
- Configuring domain name service 228
- Displaying the dns cache 228
- Configuring the switch 229
- Dhcp snooping 229
- Dhcp snooping 230
- Dhcp snooping configuration 230
- Configuring the switch 231
- Dhcp snooping information option configuration 231
- Dhcp snooping vlan configuration 231
- Dhcp snooping 232
- Dhcp snooping port configuration 232
- Configuring the switch 233
- Dhcp snooping binding information 233
- Ip source guard 234
- Ip source guard port configuration 234
- Configuring the switch 235
- Static ip source guard binding configuration 235
- Dynamic ip source guard binding information 236
- Ip source guard 236
- Configuring the switch 237
- Switch clustering 237
- Cluster configuration 238
- Switch clustering 238
- Cluster member configuration 239
- Configuring the switch 239
- Cluster member information 240
- Switch clustering 240
- Cluster candidate information 241
- Configuring the switch 241
- Accessing the cli 242
- Chapter 4 command line interface 242
- Console connection 242
- Using the command line interface 242
- Command line interface 243
- Telnet connection 243
- Command completion 244
- Entering commands 244
- Getting help on commands 244
- Keywords and arguments 244
- Minimum abbreviation 244
- Command line interface 245
- If you enter a at the command prompt the system will display the first level of keywords for the current command class normal exec or privileged exec or configuration class global acl interface line or vlan database you can also display a list of valid keywords for a specific command for example the command show displays a list of possible show commands 245
- Showing commands 245
- Entering commands 246
- Negating the effect of commands 246
- Partial keyword lookup 246
- Understanding command modes 246
- Using command history 246
- Command line interface 247
- Command prompt only a limited number of the commands are available in this mode you can access all commands only from the privileged exec command mode or administrator mode to access privilege exec mode open a new console session with the user name and password admin the system will now display the console command prompt you can also enter privileged exec mode from within normal exec mode by entering the enable command followed by the privileged level password super page 4 26 247
- Exec commands 247
- Table 4 1 command modes 247
- To enter privileged exec mode enter the following user names and passwords 247
- Configuration commands 248
- Configuration commands are privileged level commands used to modify switch settings these commands modify the running configuration only and are not saved when the switch is rebooted to store the running configuration in non volatile storage use the copy running config startup config command 248
- Entering commands 248
- For example you can use the following commands to enter interface configuration mode and then return to privileged exec mode 248
- Global configuration these commands modify the system level configuration and include commands such as hostname and snmp server community access control list configuration these commands are used for packet filtering 248
- Interface configuration these commands modify the port configuration such as speed duplex and negotiation line configuration these commands modify the console port and telnet configuration and include command such as parity and databits vlan configuration includes the command to create vlan groups 248
- Table 4 2 configuration modes 248
- The configuration commands are organized into different modes 248
- To enter the global configuration mode enter the command configure in privileged exec mode the system prompt will change to console config which gives you access privilege to all global configuration commands 248
- To enter the other modes at the configuration prompt type one of the following commands use the exit or end command to return to the privileged exec mode 248
- Command line interface 249
- Command line processing 249
- Commands are not case sensitive you can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters you can use the tab key to complete partial commands or enter a partial command followed by the character to display a list of possible matches you can also use the following editing keystrokes for command line processing 249
- Table 4 3 command line processing 249
- Command groups 250
- Table 4 4 command groups 250
- The system commands can be broken down into the functional groups shown belo 250
- Acl access control list configuration mst multiple spanning tree cm class map configuration ne normal exec gc global configuration pe privileged exec ic interface configuration pm policy map configuration lc line configuration vc vlan database configuration 251
- Command line interface 251
- Line commands 251
- Table 4 5 line commands 251
- The access mode shown in the following tables is indicated by these abbreviations 251
- You can access the onboard configuration program by attaching a vt100 compatible device to the server s serial port these commands are used to set communication parameters for the serial port or telnet i e a virtual terminal 251
- Line commands 252
- Command line interface 253
- Password 253
- Exec timeout 254
- Line commands 254
- Timeout login response 254
- Command line interface 255
- Password thresh 255
- Databits 256
- Line commands 256
- Silent time 256
- Command line interface 257
- Parity 257
- Line commands 258
- Stopbits 258
- Command line interface 259
- Disconnect 259
- Show line 259
- Enable 260
- Example to show all lines enter this command 260
- General commands 260
- Level privilege level to log into the device 260
- Syntax enable level 260
- Table 4 6 general commands 260
- The device has two predefined privilege levels 0 normal exec 15 privileged exec enter level 15 to access privileged exec mode 260
- This command activates privileged exec mode in privileged mode additional commands are available and certain commands display additional information see understanding command modes on page 4 5 260
- Command line interface 261
- Disable 261
- Configure 262
- General commands 262
- Show history 262
- Command line interface 263
- Reload 263
- General commands 264
- Command line interface 265
- Device designation commands 265
- Prompt 265
- System management commands 265
- Hostname 266
- System management commands 266
- User access commands 266
- Username 266
- Command line interface 267
- Enable password 267
- Ip filter commands 268
- Management 268
- System management commands 268
- Command line interface 269
- Show management 269
- Command mode global configuration 270
- Default setting 80 270
- Example 270
- Ip http port 270
- Port number the tcp port to be used by the browser interface range 1 65535 270
- Syntax ip http port port number no ip http port 270
- System management commands 270
- Table 4 12 web server commands 270
- This command specifies the tcp port number used by the web browser interface use the no form to use the default port 270
- Web server commands 270
- Command line interface 271
- Ip http secure server 271
- Ip http server 271
- Ip http secure port 272
- System management commands 272
- Command line interface 273
- Ip telnet port 273
- Telnet server commands 273
- Ip telnet server 274
- Secure shell commands 274
- System management commands 274
- Command line interface 275
- Generate a host key pair use the ip ssh crypto host key generate command to create a host public private key pair 275
- Import client s public key to the switch use the copy tftp public key command to copy a file containing the public key for all the ssh client s granted management access to the switch note that these clients must be configured locally on the switch via the user accounts page as described on page 3 46 the clients are subsequently authenticated using these keys the current 275
- Provide host public key to clients many ssh client programs automatically import the host public key during the initial connection setup with the switch otherwise you need to manually create a known hosts file on the management station and place the host public key in it an entry for a public key in the known hosts file would appear similar to the following example 275
- Table 4 15 ssh commands continued 275
- The ssh server on this switch supports both password and public key authentication if password authentication is specified by the ssh client then the password can be authenticated either locally or via a radius or tacacs remote authentication server as specified by the authentication login command on page 4 71 if public key authentication is specified by the client then you must configure authentication keys on both the client and the switch as described in the following section note that regardless of whether you use public key or password authentication you still have to generate authentication keys on the switch and enable the ssh server 275
- To use the ssh server complete these steps 275
- Ip ssh server 276
- System management commands 276
- Command line interface 277
- Ip ssh timeout 277
- Ip ssh authentication retries 278
- Ip ssh server key size 278
- System management commands 278
- Command line interface 279
- Delete public key 279
- Ip ssh crypto host key generate 279
- Ip ssh crypto zeroize 280
- Ip ssh save host key 280
- System management commands 280
- Command line interface 281
- Show ip ssh 281
- Show ssh 281
- Show public key 282
- System management commands 282
- Command line interface 283
- Example 283
- Command mode global configuration 284
- Command usage the logging process controls error messages saved to switch memory you can use the logging history command to control the type of error messages that are stored 284
- Default setting none 284
- Event logging commands 284
- Example 284
- Logging on 284
- Related commands logging history 4 44 clear logging 4 46 284
- Syntax no logging on 284
- System management commands 284
- Table 4 17 event logging commands 284
- This command controls logging of error messages sending debug or error messages to switch memory the no form disables the logging process 284
- Command line interface 285
- Logging history 285
- Logging facility 286
- Logging host 286
- System management commands 286
- Clear logging 287
- Command line interface 287
- Logging trap 287
- Show logging 288
- System management commands 288
- Command line interface 289
- Show log 289
- Default setting 290
- Example 290
- Ip_address ip address of an smtp server that will be sent alert messages for event handling 290
- Logging sendmail host 290
- Smtp alert commands 290
- Syntax no logging sendmail host ip_address 290
- System management commands 290
- Table 4 21 smtp alert commands 290
- The following example shows sample messages stored in ram 290
- These commands configure smtp event handling and forwarding of alert messages to the specified smtp servers and email recipients 290
- This command specifies smtp servers that will be sent alert messages use the no form to remove an smtp server 290
- Command line interface 291
- Logging sendmail level 291
- Logging sendmail destination email 292
- Logging sendmail source email 292
- System management commands 292
- Command line interface 293
- Logging sendmail 293
- Show logging sendmail 293
- Command mode 294
- Command usage the time acquired from time servers is used to record accurate dates and times for log events without sntp the switch only records the time starting from the factory default set at the last bootup i e 00 00 00 jan 1 2001 this command enables client time requests to time servers specified via the sntp servers command it issues time synchronization requests based on the interval set via the sntp poll command 294
- Default setting 294
- Disabled 294
- Global configuration 294
- No sntp client 294
- Sntp client 294
- Syntax 294
- System management commands 294
- Table 4 22 time commands 294
- The system clock can be dynamically set by polling a set of specified time servers ntp or sntp maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries if the clock is not set the switch will only record the time from the factory default set at the last bootup 294
- This command enables sntp client requests for time synchronization from ntp or sntp time servers specified with the sntp servers command use the no form to disable sntp client requests 294
- Time commands 294
- Command line interface 295
- Sntp server 295
- Show sntp 296
- Sntp poll 296
- System management commands 296
- Calendar set 297
- Clock timezone 297
- Command line interface 297
- Command mode normal exec privileged exec 298
- Command mode privileged exec 298
- Default setting none 298
- Example 298
- Show calendar 298
- Show startup config 298
- System management commands 298
- System status commands 298
- Table 4 23 system status commands 298
- This command displays the configuration file stored in non volatile memory that is used to start up the system 298
- This command displays the system clock 298
- This example shows how to set the system clock to 15 12 34 april 1st 2004 298
- Command line interface 299
- Command usage use this command in conjunction with the show running config command to compare the information in running memory to the information stored in non volatile memory 299
- Example 299
- Snmp community strings users names and access levels vlan database vlan id name and state vlan configuration settings for each interface ip address configured for the switch spanning tree settings any configured settings for the console port and telnet 299
- This command displays settings for key command modes each mode group is separated by symbols and includes the configuration mode command and corresponding commands this command displays the following information 299
- Show running config 300
- System management commands 300
- Command line interface 301
- Example 301
- Related commands show startup config 4 57 301
- Command mode normal exec privileged exec 302
- Command usage for a description of the items shown by this command refer to displaying system information on page 3 10 the post results should all display pass if any post test indicates fail contact your distributor for assistance 302
- Default setting none 302
- Example 302
- Show system 302
- Show users 302
- Shows all active console and telnet sessions including user name idle time and ip address of telnet client 302
- System management commands 302
- This command displays system information 302
- Command line interface 303
- Command mode normal exec privileged exec 303
- Command usage see displaying switch hardware software versions on page 3 11 for detailed information on the items displayed by this command 303
- Command usage the session used to execute this command is indicated by a symbol next to the line i e session index number 303
- Default setting 303
- Example 303
- Show version 303
- This command displays hardware and software version information for the system 303
- Frame size commands 304
- Jumbo frame 304
- System management commands 304
- Command line interface 305
- Flash file commands 305
- Flash file commands 306
- Command line interface 307
- Example the following example shows how to upload the configuration settings to a file on the tftp server 307
- The following example shows how to copy the running configuration to a startup file 307
- The following example shows how to download a configuration file 307
- This example shows how to copy a secure site certificate from a tftp server it then reboots the switch to activate the certificate 307
- Delete 308
- Flash file commands 308
- Command line interface 309
- Boot system 310
- Flash file commands 310
- Whichboot 310
- Authentication commands 311
- Authentication sequence 311
- Command line interface 311
- Authentication commands 312
- Authentication login 312
- Authentication enable 313
- Command line interface 313
- Authentication commands 314
- Command usage radius uses udp while tacacs uses tcp udp only offers best effort delivery while tcp offers a connection oriented transport also note that radius encrypts only the password in the access request packet from the client to the server while tacacs encrypts the entire body of the packet radius and tacacs logon authentication assigns a specific privilege level for each user name and password pair the user name password and privilege level must be configured on the authentication server you can specify three authentication methods in a single command to indicate the authentication sequence for example if you enter authentication enable radius tacacs local the user name and password on the radius server is verified first if the radius server is not available then authentication is attempted on the tacacs server if the tacacs server is not available the local user name and password is checked 314
- Example 314
- Radius client 314
- Related commands enable password sets the password for changing command modes 4 26 314
- Remote authentication dial in user service radius is a logon authentication protocol that uses software running on a central server to control access to radius aware devices on the network an authentication server contains a database of multiple user name password pairs with associated privilege levels for each user or group that require management access to a switch 314
- Table 4 29 radius client commands 314
- Command line interface 315
- Radius server host 315
- Radius server port 315
- Authentication commands 316
- Radius server key 316
- Radius server retransmit 316
- Command line interface 317
- Radius server timeout 317
- Show radius server 317
- Authentication commands 318
- Tacacs client 318
- Tacacs server host 318
- Tacacs server port 318
- Command line interface 319
- Show tacacs server 319
- Tacacs server key 319
- Authentication commands 320
- Port security 320
- Port security commands 320
- Command line interface 321
- Authentication commands 322
- Command mode 322
- Default setting 322
- Disabled 322
- Dot1x system auth control 322
- Example 322
- Global configuration 322
- No dotx system auth control 322
- Syntax 322
- Table 4 32 802 x port authentication 322
- The switch supports ieee 802 x dot1x port based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication client authentication is controlled centrally by a radius server using eap extensible authentication protocol 322
- This command enables 802 x port authentication globally on the switch use the no form to restore the default 322
- X port authentication 322
- Command line interface 323
- Dot1x default 323
- Dot1x max req 323
- Dot1x port control 323
- Authentication commands 324
- Dot1x operation mode 324
- Command line interface 325
- Dot1x re authenticate 325
- Dot1x re authentication 325
- Dot1x timeout quiet period 325
- Authentication commands 326
- Dot1x timeout re authperiod 326
- Dot1x timeout tx period 326
- Command line interface 327
- Show dot1x 327
- Authentication commands 328
- Connecting authenticating authenticated aborting 328
- Command line interface 329
- Example 329
- Access control list commands 330
- Access list ip 331
- Command line interface 331
- Ip acls 331
- Access control list commands 332
- Permit deny extended acl 332
- Permit deny standard acl 332
- Command line interface 333
- Access control list commands 334
- Ip access group 334
- Show ip access list 334
- Access control list commands 335
- Access list mac 335
- Mac acls 335
- Command line interface 336
- Permit deny mac acl 336
- Access control list commands 337
- Show mac access list 337
- Command line interface 338
- Mac access group 338
- Show mac access group 338
- Command line interface 339
- Show ip access group 339
- Access control list commands 340
- Acl information 340
- Command mode 340
- Command usage 340
- Example 340
- Once the acl is bound to an interface i e the acl is active the order in which the rules are displayed is determined by the associated mask 340
- Privileged exec 340
- Privileged executive 340
- Show access group 340
- Show access list 340
- Table 4 36 acl information 340
- This command shows all acls and associated rules as well as all the user defined masks 340
- This command shows the port assignments of acls 340
- Command line interface 341
- Controls access to this switch from management stations using the simple network management protocol snmp as well as the error types sent to trap managers 341
- Snmp commands 341
- Snmp version 3 also provides security features that cover message integrity authentication and encryption as well as controlling user access to specific areas of the mib tree to use snmpv3 first set an snmp engine id or accept the default specify read and write access views for the mib tree configure snmp user groups with the required security model i e snmp v1 v2c or v3 and security level i e authentication and privacy and then assign snmp users to these groups along with their specific authentication and privacy passwords 341
- Table 4 37 snmp commands 341
- Show snmp 342
- Snmp commands 342
- Snmp server 342
- Command line interface 343
- Snmp server community 343
- Snmp commands 344
- Snmp server contact 344
- Snmp server location 344
- Command line interface 345
- Snmp server host 345
- Snmp commands 346
- Command line interface 347
- Snmp server enable traps 347
- Snmp commands 348
- Snmp server engine id 348
- Command line interface 349
- Show snmp engine id 349
- Form to remove an snmp view 350
- Snmp commands 350
- Snmp server view 350
- This command adds an snmp view which controls user access to the mib use the 350
- Command line interface 351
- Show snmp view 351
- Snmp server group 351
- Command page 4 106 352
- Snmp commands 352
- When privacy is selected the des 56 bit algorithm is used for data encryption for additional information on the notification messages supported by this switch see supported notification messages on page 5 13 also note that the authentication link up and link down messages are legacy traps and must therefore be enabled in conjunction with the 352
- Command line interface 353
- Command mode privileged exec 353
- Example 353
- Four default groups are provided snmpv1 read only access and read write access and snmpv2c read only access and read write access 353
- Show snmp group 353
- Snmp commands 354
- Snmp server user 354
- Command line interface 355
- Digests from the user s password if the remote engine id is not first configured 355
- Command mode privileged exec 356
- Example 356
- Show snmp user 356
- Snmp commands 356
- Table 4 41 show snmp user display description 356
- This command shows information on snmp users 356
- Command line interface 357
- Default setting 357
- Ethernet unit port unit stack unit range unit 1 port port number range 1 26 port channel channel id range 1 4 vlan vlan id range 1 4094 357
- Interface 357
- Interface commands 357
- Interface interface no interface port channel channel id 357
- Syntax 357
- Table 4 42 interface commands 357
- These commands are used to display or set communication parameters for an ethernet port aggregated link or vlan 357
- This command configures an interface type and enter interface configuration mode use the no form to remove a trunk 357
- Description 358
- Interface commands 358
- Speed duplex 358
- Command line interface 359
- Negotiation 359
- Capabilities 360
- Interface commands 360
- Command line interface 361
- Flowcontrol 361
- Interface commands 362
- Shutdown 362
- Clear counters 363
- Command line interface 363
- Switchport broadcast packet rate 363
- Interface commands 364
- Show interfaces status 364
- Command line interface 365
- Show interfaces counters 365
- Interface commands 366
- Show interfaces switchport 366
- Command line interface 367
- Example 367
- Table 4 43 interfaces switchport statistics 367
- This example shows the configuration setting for port 24 367
- Mirror port commands 368
- Port monitor 368
- Command line interface 369
- Show port monitor 369
- Rate limit 370
- Rate limit commands 370
- Command line interface 371
- Link aggregation commands 371
- Ports can be statically grouped into an aggregate link i e trunk to increase the bandwidth of a network connection or to ensure fault recovery or you can use the link aggregation control protocol lacp to automatically negotiate a trunk link between this switch and another network device for static trunks the switches have to comply with the cisco etherchannel standard for dynamic trunks the switches have to comply with lacp this switch supports up to 32 trunks for example a trunk consisting of two 1000 mbps ports can support an aggregate bandwidth of 4 gbps when operating at full duplex 371
- Table 4 46 link aggregation commands 371
- Channel group 372
- Link aggregation commands 372
- Command line interface 373
- Lacp system priority 374
- Link aggregation commands 374
- Command line interface 375
- Lacp admin key ethernet interface 375
- Lacp admin key port channel 376
- Link aggregation commands 376
- Command line interface 377
- Lacp port priority 377
- Show lacp 377
- Command mode 378
- Default setting 378
- Example 378
- Field description 378
- Lacpdus illegal pkts number of frames that carry the slow protocols ethernet type value but contain a badly formed pdu or an illegal value of protocol subtype 378
- Lacpdus received number of valid lacpdus received on this channel group 378
- Lacpdus sent number of valid lacpdus transmitted from this channel group 378
- Lacpdus unknown pkts number of frames received that either 1 carry the slow protocols ethernet type value but contain an unknown pdu or 2 are addressed to the slow protocols group mac address but do not carry the slow protocols ethernet type 378
- Link aggregation commands 378
- Marker received number of valid marker pdus received by this channel group 378
- Marker sent number of valid marker pdus transmitted from this channel group 378
- Port channel all 378
- Privileged exec 378
- Table 4 47 show lacp counters display description 378
- Command line interface 379
- Long timeout periodic transmission of lacpdus uses a slow transmission rate lacp activity activity control value with regard to this link 0 passive 1 active 379
- Table 4 48 show lacp internal display description 379
- Link aggregation commands 380
- Table 4 49 show lacp neighbors display description 380
- Table 4 50 show lacp sysid display description 380
- Address table commands 381
- Command line interface 381
- Mac address table static 381
- Address table commands 382
- Clear mac address table dynamic 382
- Show mac address table 382
- Command line interface 383
- Mac address table aging time 383
- Address table commands 384
- Show mac address table aging time 384
- Command line interface 385
- Spanning tree commands 385
- Table 4 52 spanning tree commands 385
- This section includes commands that configure the spanning tree algorithm sta globally for the switch and commands that configure sta for the selected interface 385
- Spanning tree 386
- Spanning tree commands 386
- Spanning tree mode 386
- Command line interface 387
- Spanning tree forward time 387
- Spanning tree commands 388
- Spanning tree hello time 388
- Command line interface 389
- Spanning tree max age 389
- Spanning tree priority 389
- Spanning tree commands 390
- Spanning tree pathcost method 390
- Command line interface 391
- Spanning tree mst configuration 391
- Spanning tree transmission limit 391
- Mst priority 392
- Mst vlan 392
- Spanning tree commands 392
- Command line interface 393
- Max hops 394
- Revision 394
- Spanning tree commands 394
- Command line interface 395
- Spanning tree cost 395
- Spanning tree spanning disabled 395
- Spanning tree commands 396
- Spanning tree port priority 396
- Command line interface 397
- Spanning tree edge port 397
- Spanning tree portfast 397
- Spanning tree commands 398
- Spanning tree link type 398
- Command line interface 399
- Spanning tree mst cost 399
- Spanning tree commands 400
- Spanning tree mst port priority 400
- Command line interface 401
- Show spanning tree 401
- Spanning tree protocol migration 401
- Spanning tree commands 402
- Command line interface 403
- Command mode privileged exec 403
- Example 403
- Show spanning tree mst configuration 403
- This command shows the configuration of the multiple spanning tree 403
- Gvrp and bridge extension commands 404
- Vlan commands 404
- Bridge ext gvrp 405
- Command line interface 405
- Show bridge ext 405
- Show gvrp configuration 406
- Switchport gvrp 406
- Vlan commands 406
- Command line interface 407
- Garp timer 407
- Show garp timer 407
- Editing vlan groups 408
- Vlan commands 408
- Vlan database 408
- Command line interface 409
- Command mode 410
- Configuring vlan interfaces 410
- Default setting 410
- Example 410
- Global configuration 410
- Interface vlan 410
- Interface vlan vlan id 410
- Related commands 410
- Show vlan 4 175 410
- Syntax 410
- Table 4 56 configuring vlan interfaces 410
- The following example adds a vlan using vlan id 105 and name rd5 the vlan is activated by default 410
- This command enters interface configuration mode for vlans which is used to configure vlan parameters for a physical interface 410
- Vlan commands 410
- Vlan id id of the configured vlan range 1 4094 no leading zeroes 410
- Command line interface 411
- Switchport mode 411
- Switchport acceptable frame types 412
- Switchport ingress filtering 412
- Vlan commands 412
- Command line interface 413
- Switchport native vlan 413
- Switchport allowed vlan 414
- Vlan commands 414
- Command line interface 415
- Switchport forbidden vlan 415
- Displaying vlan information 416
- Show vlan 416
- Vlan commands 416
- Command line interface 417
- Configuring ieee 802 q tunneling 417
- Dot1q tunnel system tunnel control 417
- Switchport dot1q tunnel mode 418
- Vlan commands 418
- Command line interface 419
- Related commands 419
- Show dot1q tunnel 419
- Switchport dot1q tunnel tpid 419
- Configuring private vlans 420
- Example 420
- Private vlans provide port based security and isolation between ports within the assigned vlan this section describes commands used to configure private vlans 420
- Pvlan up link interface list down link interface list no pvlan 420
- Related commands 420
- Switchport dot1q tunnel mode 4 177 420
- Syntax 420
- Table 4 59 private vlan commands 420
- This command enables or configures a private vlan use the no form to disable the private vlan 420
- Vlan commands 420
- Command line interface 421
- Private vlans and normal vlans can exist simultaneously within the same switch 421
- Show pvlan 421
- Configuring protocol based vlans 422
- Protocol vlan protocol group configuring groups 422
- Vlan commands 422
- Command line interface 423
- Protocol vlan protocol group configuring interfaces 423
- Show interfaces protocol vlan protocol group 424
- Show protocol vlan protocol group 424
- Vlan commands 424
- Command line interface 425
- Priority commands 425
- Priority commands layer 2 425
- Priority commands 426
- Queue mode 426
- Switchport priority default 426
- Command line interface 427
- Queue bandwidth 427
- Priority commands 428
- Queue cos map 428
- Command line interface 429
- Show queue bandwidth 429
- Show queue mode 429
- Map ip dscp global configuration 430
- Priority commands 430
- Priority commands layer 3 and 4 430
- Show queue cos map 430
- Command line interface 431
- Map ip dscp interface configuration 431
- Priority commands 432
- Show map ip dscp 432
- Command line interface 433
- Example 433
- Map ip dscp global configuration 4 189 map ip dscp interface configuration 4 190 433
- Quality of service commands 433
- Related commands 433
- The commands described in this section are used to configure differentiated services diffserv classification criteria and service policies you can classify traffic based on access lists ip precedence or dscp values or vlans using access lists allows you select traffic based on layer 2 layer 3 or layer 4 information contained in each packet 433
- Notes 1 434
- Quality of service commands 434
- Table 4 66 quality of service commands 434
- To create a service policy for a specific category of ingress traffic follow these steps 434
- Use the class map command to designate a class name for a specific category of traffic and enter the class map configuration mode 2 use the match command to select a specify type of traffic based on an access list a dscp or ip precedence value or a vlan 3 set an acl mask to enable filtering for the criteria specified in the match command 4 use the policy map command to designate a policy name for a specific manner in which ingress traffic will be handled and enter the policy map configuration mode 5 use the class command to identify the class map and enter policy map class configuration mode a policy map can contain multiple class statements 6 use the set command to modify the qos value for matching traffic class and use the policer command to monitor the average flow and burst rate and drop any traffic that exceeds the specified rate or just reduce the dscp service level for traffic exceeding the specified rate 7 use the service policy command to assign a policy map to a specific inte 434
- Class map 435
- Command line interface 435
- Policy map 436
- Quality of service commands 436
- Command line interface 437
- You must create a class map page 4 195 before assigning it to a policy map 437
- New cos 438
- New dscp 438
- New precedence 438
- New precedence new ip precedence value 438
- Quality of service commands 438
- Command line interface 439
- Police 439
- Rate kbp 439
- Rate kbps burst byte 439
- Class map name 440
- Policy map nam 440
- Policy map name 440
- Quality of service commands 440
- Service policy 440
- Show class map 440
- Class map name 441
- Command line interface 441
- Interface 441
- Policy map nam 441
- Policy map name 441
- Show policy map 441
- Show policy map interface 441
- Example 442
- Igmp snooping commands 442
- Multicast filtering commands 442
- Command line interface 443
- Ip igmp snooping 443
- Ip igmp snooping vlan static 443
- Ip igmp snooping leave proxy 444
- Ip igmp snooping version 444
- Multicast filtering commands 444
- Command line interface 445
- Ip igmp snooping immediate leave 445
- Show ip igmp snooping 445
- Multicast filtering commands 446
- Show mac address table multicast 446
- Command line interface 447
- Igmp query commands layer 2 447
- Ip igmp snooping querier 447
- Ip igmp snooping query count 447
- Ip igmp snooping query interval 448
- Multicast filtering commands 448
- Command line interface 449
- Ip igmp snooping query max response time 449
- Ip igmp snooping router port expire time 449
- Ip igmp snooping vlan mrouter 450
- Multicast filtering commands 450
- Static multicast routing commands 450
- Command line interface 451
- Show ip igmp snooping mrouter 451
- The following shows how to configure port 11 as a multicast router port within vlan 1 451
- Command mode global configuration 452
- Command usage igmp filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port an igmp filter profile can contain one or more or a range of multicast addresses but only one profile can be assigned to a port when enabled igmp join reports received on the port are checked against the filter profile if a requested multicast group is permitted the igmp join report is forwarded as normal if a requested multicast group is denied the igmp join report is dropped igmp filtering and throttling only applies to dynamically learned multicast groups it does not apply to statically configured groups 452
- Default setting 452
- Disabled 452
- Igmp filtering and throttling commands 452
- In certain switch applications the administrator may want to control the multicast services that are available to end users for example an ip tv service based on a specific subscription plan the igmp filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port and igmp throttling limits the number of simultaneous multicast groups a port can join 452
- Ip igmp filter global configuration 452
- Multicast filtering commands 452
- No ip igmp filter 452
- Syntax 452
- Table 4 71 igmp filtering and throttling commands 452
- This command globally enables igmp filtering and throttling on the switch use the no form to disable the feature 452
- Command line interface 453
- Ip igmp profile 453
- Permit deny 453
- Ip igmp filter interface configuration 454
- Multicast filtering commands 454
- Command line interface 455
- Ip igmp max groups 455
- Ip igmp max groups action 456
- Multicast filtering commands 456
- Show ip igmp filter 456
- Command line interface 457
- Show ip igmp profile 457
- Show ip igmp throttle interface 457
- Command mode 458
- Command usage 458
- Default setting 458
- Example 458
- Multicast filtering commands 458
- Multicast vlan registration commands 458
- Port port number range 1 29 port channel channel id range 1 4 458
- Privileged exec 458
- Table 4 72 multicast vlan registration commands 458
- This section describes commands used to configure multicast vlan registration mvr a single network wide vlan can be used to transmit multicast traffic such as television channels across a service provider s network any multicast traffic entering an mvr vlan is sent to all subscribers this can significantly reduce to processing overhead required to dynamically monitor and establish the distribution tree for a normal multicast vlan also note that mvr maintains the user isolation and data security provided by vlan segregation by passing only multicast traffic into other vlans to which the subscribers belong 458
- Using this command without specifying an interface displays all interfaces 458
- Command line interface 459
- Mvr global configuration 459
- Multicast filtering commands 460
- Mvr interface configuration 460
- Command line interface 461
- Multicast filtering commands 462
- Show mvr 462
- Command line interface 463
- Table 4 74 show mvr interface display description 463
- Table 4 75 show mvr members display description 463
- The following displays information about the interfaces attached to the mvr vlan 463
- The following shows information about the interfaces associated with multicast groups assigned to the mvr vlan 463
- Ip address 464
- Ip interface commands 464
- Command line interface 465
- Ip default gateway 465
- Command line interface 466
- Show ip redirects 466
- Ip source guard 467
- Ip source guard commands 467
- Command line interface 468
- Ip source guard binding 469
- Ip source guard commands 469
- Command line interface 470
- Show ip source guard 470
- Show ip source guard binding 470
- Dhcp snooping commands 471
- Ip dhcp snooping 471
- Command line interface 472
- Dhcp snooping commands 473
- Ip dhcp snooping vlan 473
- Command line interface 474
- Ip dhcp snooping trust 474
- Dhcp snooping commands 475
- Ip dhcp snooping information option 475
- Ip dhcp snooping verify mac address 475
- Command line interface 476
- Ip dhcp snooping information policy 476
- Show ip dhcp snooping 477
- Show ip dhcp snooping binding 477
- Switch cluster commands 477
- Cluster 478
- Command line interface 478
- Command mode global configuration 478
- Command usage to create a switch cluster first be sure that clustering is enabled on the switch the default is enabled then set the switch as a cluster commander set a cluster ip pool that does not conflict with any other ip subnets in the network cluster ip addresses are assigned to switches when they become members and are used for communication between member switches and the commander switch clusters are limited to a single ip subnet layer 2 domain a switch can only be a member of one cluster configured switch clusters are maintained across power resets and network changes 478
- Default setting 478
- Enabled 478
- Example 478
- Syntax no cluster 478
- Table 4 79 switch cluster commands 478
- This command enables clustering on the switch use the no form to disable clustering 478
- Cluster commander 479
- Cluster ip pool 479
- Switch cluster commands 479
- Cluster member 480
- Command line interface 480
- Rcommand 480
- Command mode privileged exec 481
- Example 481
- Show cluster 481
- Show cluster members 481
- Switch cluster commands 481
- This command shows the current switch cluster members 481
- This command shows the switch clustering configuration 481
- Command line interface 482
- Command mode privileged exec 482
- Example 482
- Show cluster candidates 482
- This command shows the discovered candidate switches in the network 482
- Appendix a software specifications 483
- Software features 483
- Management features 484
- Software specifications 484
- Standards 484
- Management information bases 485
- Appendix b troubleshooting 487
- Problems accessing the management interface 487
- Troubleshooting 488
- Using system logs 488
- Access control list acl 489
- Boot protocol bootp bootp is 489
- Class of service cos 489
- Differentiated services code point service dscp 489
- Domain name service dns 489
- Dynamic host control protocol dhcp 489
- Extensible authentication protocol over lan eapol 489
- Glossary 489
- Glossary 1 489
- Garp vlan registration protocol gvrp 490
- Generic attribute registration protocol garp 490
- Generic multicast registration protocol gmrp 490
- Glossary 490
- Glossary 2 490
- Group attribute registration protocol garp 490
- Ieee 802 ac 490
- Ieee 802 d 490
- Ieee 802 p 490
- Ieee 802 q 490
- Ieee 802 x 490
- Glossary 491
- Glossary 3 491
- Igmp query 491
- Igmp snooping 491
- In band management 491
- Internet group management protocol igmp 491
- Ip multicast filtering 491
- Layer 2 491
- Link aggregation 491
- Link aggregation control protocol lacp 491
- Management information base mib 491
- Md5 message digest algorithm 491
- Glossary 492
- Glossary 4 492
- Multicast switching 492
- Network time protocol ntp 492
- Out of band management 492
- Port authentication 492
- Port mirroring 492
- Port trunk 492
- Private vlans 492
- Rapid spanning tree protocol rstp rst 492
- Remote authentication dial in user service radius radius 492
- Remote monitoring rmon 492
- Glossary 493
- Glossary 5 493
- Secure shell ssh 493
- Simple network management protocol snmp 493
- Simple network time protocol sntp sntp 493
- Spanning tree algorithm sta 493
- Telnet 493
- Terminal access controller access control system plus tacacs tacacs 493
- Transmission control protocol internet protocol tcp ip 493
- Trivial file transfer protocol tftp 493
- User datagram protocol udp udp 493
- Glossary 494
- Glossary 6 494
- Virtual lan vlan 494
- Xmodem 494
- Ip dhcp restart 495
- Ip interface commands 495
- Show ip interface 495
- Index 1 496
- Numerics 496
- Index 2 497
- Index 3 498
- Index 4 499
Похожие устройства
- Samsung Galaxy Tab 3 8.0 SM-T3110 3G 16Gb Gold Brown Инструкция по эксплуатации
- Sony HVL-F58AM Инструкция по эксплуатации
- Siemens KI..R.. Инструкция по эксплуатации
- Sony SEL-18200 Инструкция по эксплуатации
- Tp-Link TL-SM221A Инструкция по эксплуатации
- Sony DPF-E75 Инструкция по эксплуатации
- Tp-Link TL-SM221B Инструкция по эксплуатации
- Panasonic DVD-S49 Инструкция по эксплуатации
- Sony SEL-1855 Инструкция по эксплуатации
- Samsung Nexus 10 P8110 16Gb Инструкция по эксплуатации
- Sony DPF-A710 Инструкция по эксплуатации
- Tp-Link TL-WN321G Инструкция по эксплуатации
- Vitek VT-3784 Инструкция по эксплуатации
- Sony SEL-16F28 Инструкция по эксплуатации
- Sony DPF-D85 Black Инструкция по эксплуатации
- Fagor 3FS-3611 Инструкция по эксплуатации
- Tp-Link TL-WN322G Инструкция по эксплуатации
- Sony Bloggie MHS-TS20K Инструкция по эксплуатации
- Sony DPF-D720 White Инструкция по эксплуатации
- Novex CT1476 Инструкция по эксплуатации